WO2013152986A1 - Secure generation of a user account in a service server - Google Patents

Secure generation of a user account in a service server

Info

Publication number: WO2013152986A1
Authority: WO (WIPO (PCT))
Application number: PCT/EP2013/057098
Prior art keywords: user, service server, service, switching device, identification data
Other languages: German (de), French (fr)
Inventors: André WITTENBURG, Mike Bobinski
Original assignee: Deutsche Post Ag
Priority: DE102012205904.0 (published as DE102012205904A1)
Application filed by Deutsche Post Ag
Publication: WO2013152986A1


Classifications

    • G06Q20/383 Payment architectures, schemes or protocols; payment protocols; anonymous user system
    • G06F21/41 Security arrangements; user authentication where a single sign-on provides access to a plurality of computers
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/027 Payment architectures involving a neutral party, involving a payment switch or gateway
    • G06Q20/385 Payment protocols; use of an alias or a single-use code
    • G06Q20/4014 Payment protocols; authorisation; transaction verification; identity check for transaction
    • G06Q20/425 Payment protocols; confirmation by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • H04L63/0815 Network security; authentication of entities communicating through a packet data network, providing single-sign-on or federations

Abstract

The invention relates to a method for providing user identification data in order to generate a user account of a user, which contains user identification data, in a service server that provides an electronic service using the user account. The user is registered in a communications device, and based on the registration of the user the communications device transmits a request to generate the user account and the user identification data to the service server in such a manner that the service server generates the user account using the user identification data. The communications device can act as a trustworthy platform for users and service providers and allow anonymous access of users to services. The invention also relates to a communications device suitable for carrying out the method and to a computer program for carrying out the method.

Description

 Secure generation of a user account in a service server


The invention is concerned with the creation of a user account at a provider of an electronic service. In particular, the invention relates to a method and a switching device for providing user identification data for generating a user account containing user identification data of a user in a service server, which provides an electronic service using the user account.

For access to electronic services provided via web platforms or in a comparable manner, users usually have to register with the service server offering the service. For fee-based services in particular, registration is as a rule required so that the service provider can charge the user the fees incurred for using the service. Registration usually includes the provision of personal data of the user, such as the user's name and address, and billing details such as credit card and/or bank account information.

However, many users are reluctant to disclose their personal data. They fear a loss of privacy and misuse of their personal data by the service provider or by third parties who gain unauthorized access to the data held by the service provider. As a result, users may find registering with a service server unpleasant, or may avoid altogether services that require registration with personal data. It is therefore an object of the present invention to give users access to electronic services that require registration while avoiding, as far as possible, the disclosure of personal data to the service provider.

The object is achieved by a method according to claim 1, a computer program according to claim 14 and a device according to claim 15. Embodiments of the method, the computer program and the switching device are specified in the dependent claims.

According to a first aspect, the invention proposes a method for providing user identification data for generating a user account containing user identification data of a user in a service server, which provides an electronic service using the user account. The user is registered in a switching device with personal data and the switching device transmits a user account registration request and the user identification data to the service server such that the service server generates the user account using the user identification data.

According to a further aspect of the invention, a switching device for providing user identification data for generating a user account containing user identification data of a user in a service server is proposed, the service server providing an electronic service using the user account. The switching device contains a registration of the user with personal data of the user and is configured, on the basis of that registration, to transmit a request for generating the user account together with the user identification data to the service server such that the service server generates the user account using the user identification data. The user identification data transmitted from the switching device to the service server preferably do not contain the personal data with which the user is registered in the switching device. The advantage of generating the user account via the switching device is that the personal data of the user need not be transmitted to the service server or to the service provider operating it. The service provider can trust that the data stored in the switching device are correct, so that, for example, billing processes for paid services can be carried out securely and reliably. The switching device thus serves as a trusted point for the service provider.

In one embodiment of the method and the switching device, the user identification data comprise a user identifier generated automatically by the switching device and/or a user identifier specified by the user. The user identifier is preferably unique to the user. On the basis of the user identifier, an unambiguous relationship is advantageously established between the user account of the user in the service server and the registration of the user in the switching device.

In a further embodiment of the method and the switching device, the user identification data comprise an authentication feature specified by the user, which may in particular be a secret password of the user. The authentication feature may be included in the user identification data in addition to the user identifier.

One embodiment of the method and the switching device is characterized in that, after the user account has been generated, access to the service is based on the user identification data. A user account is thus advantageously generated via the switching device and can later be accessed, on the basis of the user identification data provided by the switching device, in order to use the service provided by the service server.

In one embodiment of the method and the switching device, the user identification data are transmitted by the user to the service server in order to access the service. In this embodiment the user can advantageously access the service server directly, i.e. without involving the switching device. For this transmission, the user identification data can, for example, be entered by the user on a web page provided by the service server.

In an associated embodiment, the service server compares the transmitted user identification data with the user identification data stored in the user account and, after a successful comparison, grants access to the service. To ensure secure access to the service, the user identification data in this embodiment preferably comprise the user identifier and an authentication feature of the user.

A further associated embodiment of the method and the switching device provides that the service server transmits the user identification data transmitted by the user to the switching device for checking, and releases the user's access to the service on receipt of a confirmation message from the switching device reporting a successful check of the user identification data. Advantageously, the service server thus uses the switching device to check the user identification data. In this embodiment the user identification data may consist of the user identifier alone; high security can nevertheless be ensured because the switching device is involved in the check. In a further refinement of the method and the switching device, the user identification data are transmitted from the switching device to the service server, on a corresponding request of the user, in order to access the service. In this embodiment the user does not need to transmit the user identification data to the service server himself but can rely on the switching device for this. In particular, the switching device can provide a web page on which the user can make the request.

In order to provide secure access to the service, a related embodiment of the method and the switching device provides that the user identification data are transmitted to the service server together with an authentication feature of the switching device, and that the service server releases the user's access to the service on successful verification of that authentication feature. The authentication feature may, for example, comprise a digital signature created by the switching device.
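The flow described in the preceding embodiments, as an added example written for this page and not code from the patent or from Deutsche Post: the switching device generates a pseudonymous user identifier, sends the account request with an authentication feature, and the service server verifies that feature before creating the account; afterwards a login is either checked by the service server itself (identifier plus password) or delegated to the switching device (identifier only). The HMAC-SHA256 tag (standing in for the digital signature the text names as one option), the nonce and service binding in the request, the PBKDF2 password hash and every class, function and variable name are assumptions of this example.

```python
"""Account creation via the switching device (added example, not the patent's code).

Assumptions not fixed by the description: the switching device's authentication
feature is an HMAC-SHA256 tag under a key shared with the service server (the
text names a digital signature as one option); each request carries a nonce and
the target service id so that replays and misdirected requests are rejected;
the user's password travels as a salted PBKDF2 hash rather than in the clear.
All names are illustrative."""
import hashlib
import hmac
import json
import secrets


def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class SwitchingDevice:
    """Keeps personal data (user database 107) and service keys (service database 105)."""

    def __init__(self, service_keys: dict):
        self.service_keys = service_keys   # service_id -> key shared with that service server
        self.users = {}                    # user_id -> personal data; never leaves this device
        self.authenticated = set()         # user_ids currently authenticated to the device
        self.accounts = {}                 # (service_id, user_identifier) -> user_id

    def register_user(self, user_id: str, personal_data: dict) -> None:
        self.users[user_id] = personal_data

    def mark_authenticated(self, user_id: str) -> None:
        # The device's own user authentication (password, TAN, ...) is outside this block.
        self.authenticated.add(user_id)

    def request_account(self, user_id: str, service_id: str, password: str) -> dict:
        """Build the authenticated create-account request; only pseudonymous data leave."""
        if user_id not in self.users or user_id not in self.authenticated:
            raise PermissionError("user must be registered and authenticated here first")
        user_identifier = secrets.token_urlsafe(12)   # generated identifier, unique per account
        salt = secrets.token_bytes(16)
        payload = {
            "type": "create_account",
            "service": service_id,                     # binds the request to one service server
            "user_identifier": user_identifier,
            "salt": salt.hex(),
            "pw_hash": pw_hash(password, salt).hex(),
            "nonce": secrets.token_hex(16),            # lets the receiver reject a replay
        }
        self.accounts[(service_id, user_identifier)] = user_id
        body = json.dumps(payload, sort_keys=True).encode()
        tag = hmac.new(self.service_keys[service_id], body, "sha256").hexdigest()
        return {"body": body, "tag": tag}

    def confirm_identifier(self, service_id: str, user_identifier: str) -> bool:
        """Delegated check: confirm only an identifier we issued whose user is logged in here.
        In a deployment the confirmation itself must be authenticated to the service server."""
        user_id = self.accounts.get((service_id, user_identifier))
        return user_id is not None and user_id in self.authenticated


class ServiceServer:
    """Stores only user identifier, salt and password hash (user database 103)."""

    def __init__(self, service_id: str, switch_key: bytes, switch: SwitchingDevice):
        self.service_id = service_id
        self.switch_key = switch_key
        self.switch = switch
        self.user_db = {}          # user_identifier -> {"salt": bytes, "pw_hash": bytes}
        self.seen_nonces = set()

    def handle_create_account(self, msg: dict) -> bool:
        expected = hmac.new(self.switch_key, msg["body"], "sha256").hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False                                  # not from the switching device
        p = json.loads(msg["body"])
        if p.get("type") != "create_account" or p.get("service") != self.service_id:
            return False                                  # wrong message type or wrong recipient
        if p["nonce"] in self.seen_nonces or p["user_identifier"] in self.user_db:
            return False                                  # replayed request or duplicate identifier
        self.seen_nonces.add(p["nonce"])
        self.user_db[p["user_identifier"]] = {"salt": bytes.fromhex(p["salt"]),
                                              "pw_hash": bytes.fromhex(p["pw_hash"])}
        return True

    def login_direct(self, user_identifier: str, password: str) -> bool:
        """User enters identifier and password on the service server's own web page."""
        rec = self.user_db.get(user_identifier)
        salt = rec["salt"] if rec else bytes(16)          # hash anyway: no timing oracle on identifiers
        candidate = pw_hash(password, salt)
        return rec is not None and hmac.compare_digest(candidate, rec["pw_hash"])

    def login_via_switch(self, user_identifier: str) -> bool:
        """User presents only the identifier; the switching device is asked to confirm it."""
        return user_identifier in self.user_db and \
            self.switch.confirm_identifier(self.service_id, user_identifier)
```

The order of checks in `handle_create_account` matters: the tag is verified before the body is parsed, the service id is compared so a request meant for one service server cannot be redirected to another sharing the same key, and the nonce set turns a captured request into a no-op on replay. The delegated login path is only as strong as the switching device's own user authentication and the authenticity of its confirmation message, which is why `confirm_identifier` refuses identifiers whose user is not currently logged in there.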

In one embodiment of the method and the switching device, the switching device authenticates the user, and the user identification data are transmitted to the service server only after the user has been authenticated successfully. This ensures that the switching device cannot be used by an unauthorized third party to generate a user account for the user in a service server. In addition, an embodiment of the method and the switching device provides that the switching device carries out a payment process for the user on the basis of a billing request from the service server. This is particularly suitable for paying fees that are incurred by a specific user action. For regularly recurring charges, such as basic fees to be paid in fixed billing periods, billing can in a further refinement also be carried out automatically by the switching device; the amount of the fees and the time of billing can be stored in the switching device for this purpose. Payment for the paid use of a service can thus be made via the switching device, with the advantage that the sensitive data of the user needed to carry out the payment process need not be passed to the service server. After the payment has been carried out, settlement preferably takes place between the switching device or its operator and the service provider, in order to pass on to the latter the amount paid for the use of the service.

An associated embodiment of the method and the switching device is characterized in that the user is redirected from the service server to the switching device for carrying out the payment process. The billing request is transmitted from the service server to the switching device in connection with this redirection.

In addition to the method and the switching device, the invention also provides a computer program. The computer program comprises instructions for carrying out the method by means of a processor device when the computer program is executed on the processor device.

The above-mentioned and further advantages, special features and expedient further developments of the invention will become clear also from the exemplary embodiments, which are described below with reference to the figures.

FIG. 1 shows a schematic representation of a system with a service server of a service provider, a user and a switching device, and FIG. 2 shows a schematic representation of the steps of a mobile TAN method.

In the arrangement illustrated schematically in FIG. 1, users 101, one of whom is shown by way of example in the figure, can access a service provided by a service server 102 of a service provider. The service server 102 is accessed via a data network not shown in the figure, such as the Internet, which allows electronic data exchange with the service server 102. The service server 102 provides the service via a web platform (website), which may comprise one or more individual web pages through which users 101 interact with the service server 102. The service offered by the service server 102 may be any service known per se to the person skilled in the art that can be made accessible via a web platform; examples are an e-commerce service, in particular for the purchase of electronic content, a social networking service and an online banking service. The service server 102 is configured, in a manner known per se to the person skilled in the art, as a server computer having one or more processors for executing the software that provides the web platform, a storage unit for storing the software and other data and, where necessary, further components required for providing the web platform.

Access to the service provided by the service server 102 by a user 101 requires the registration of the user 101 in the service server 102. For registration, a user account assigned to the user 101 is generated in a user database 103 of the service server 102. The user database 103 is preferably contained in the storage unit of the service server 102. Once a user account has been generated for a user 101 in the service server 102, the user 101 can use his user account to access the service server 102 and use the service.

In the arrangement shown, user accounts can be set up via a switching device 104, the switching device 104 in particular providing user identification data for storage in the user accounts it sets up. In addition, however, users 101 may also register directly with the service server 102, i.e. without involvement of the switching device 104. In such a registration of a user 101, personal user data of the user 101 are collected and deposited in the user account generated for the user 101 in the user database 103 of the service server 102. In one refinement, the personal user data comprise details that uniquely identify the user 101, so that the service provider obtains definite knowledge of the identity of the user 101. This information, which may include, for example, the name of the user 101 and possibly further details such as the date of birth, may be used by the service provider, inter alia, to assert claims against the user 101 arising from the use of the service, in particular monetary claims. In addition, further user data can be collected, such as a postal address of the user 101, telephone numbers and/or addresses for electronic communication, such as e-mail addresses.

In addition to the personal user data of the user 101, identification and authentication information stored in a user account of the service server 102 is used to identify and authenticate the user 101 when he logs on to the service server 102 in order to access the service. In one embodiment, a user identifier is stored in the user account as the identification feature. The user identifier is uniquely assigned to the user and can preferably be specified by the user himself when the user account is set up. As the authentication feature, one embodiment uses a secret password, which the user 101 preferably also chooses himself. When the user 101 logs on to the service server 102, he is preferably prompted by a web page provided by the service server 102 to enter his identification and authentication features. The inputs of the user 101 are transmitted via the web page to the service server 102, which checks them by comparing the entered identification and authentication features with the corresponding data stored in the user account of the user 101. Access to the services provided by the service server 102 is permitted once the identification and authentication features have been checked successfully.

The switching device 104 for the automated generation of user accounts is designed as a further server computer connected to the service server 102 via the data network. For data exchange with the service server 102, the switching device 104 provides suitable interfaces for electronic communication, which preferably allow automated data exchange without the involvement of an operator of the switching device 104 or of the service server 102. The communication between the switching device 104 and the service server 102 is preferably protected against unauthorized manipulation by third parties by means of suitable mechanisms known to the person skilled in the art, in particular cryptographic mechanisms. In order to perform the functions provided, the switching device 104 has suitable hardware comprising one or more processors, a memory unit and possibly further hardware components for implementing the functions of the switching device 104.

Although only a single service server 102 is illustrated in FIG. 1, the switching device 104 is capable of interacting with a plurality of service servers 102, which may provide different services and/or be operated by different service providers. The service providers, the service servers 102 they operate and the services provided by the service servers 102 are preferably registered in the switching device 104. For this purpose, the switching device 104 provides a service database 105 in which data on the service servers 102 and service providers are stored. The data stored for the service servers 102 in the service database 105 preferably include information for identifying the service servers 102 and for authenticating the service servers 102 to the switching device 104. In one embodiment the authentication is performed on the basis of cryptographic methods and information known to the person skilled in the art, in particular cryptographic keys held in or deposited with the switching device 104. For the service servers 102 registered in the service database 105, the services provided in each case are registered with information that is displayed to users 101 in order to inform them about the nature and content of the services and to enable them to select a service. This information preferably includes a description of the content of the services provided as well as prices and other conditions for using the services. For the service providers, information identifying the service providers is preferably stored in the service database 105, which may in particular enable users 101 to assert claims against the service providers in connection with the provision of the services.

In one embodiment, the information stored in the service database 105 is collected and checked by the operator of the switching device 104 in a secure procedure. In addition, provision may be made for a service provider, or a service provided by a service provider, to be registered in the switching device 104 only if it satisfies predetermined selection criteria that the operator of the switching device 104 can specify. The secure collection of the information stored in the service database 105 and suitable selection criteria can ensure that only reputable service providers and services are registered in the switching device 104. Through these measures the switching device 104 obtains, from the point of view of the users 101, the status of a trusted authority whose information the users 101 can rely on without having to carry out a check themselves.

In the system shown in FIG. 1, the user 101 accesses the switching device 104, and optionally the service server 102 directly, using a user computer 106. Access to the switching device 104 also takes place via the data network not shown in the figure. The user computer 106 is a stationary or mobile data processing system equipped with a processor unit and a memory unit and having a user interface with input and output means, known to the person skilled in the art, for interacting with the user 101. The switching device 104 also provides a web platform with one or more web pages for interaction with the user 101. For accessing the web platform by means of the user computer 106, the user computer 106 has a web browser known per se. This is a software program installed on the user computer 106 and executable by the processor unit, which allows web pages to be viewed and the user 101 to interact with corresponding elements of web pages, such as input fields and buttons. Exemplary web browsers that may be used on the user computer 106 are Microsoft's Internet Explorer and the Mozilla Foundation's Firefox.

Users 101 who want to set up a user account at the service server 102 via the switching device 104 are registered in the switching device 104. During registration, user data of the users 101 are stored in a user database 107 of the switching device 104. The user data preferably comprise at least the information mentioned above, which in the case of a direct registration of a user with the service server 102 is stored in the user account in the user database 103 of the service server 102. Towards the service server 102 and the service provider, the switching device 104 assumes the role of a trusted authority: the service provider trusts in the correctness of the user data stored in the switching device 104. To this end, the operator of the switching device 104 ensures that the user data stored in the user database 107 are correct, and the user data are therefore collected by the operator in a secure procedure.

Preferably, the user data specified by a user 101 are checked by the operator, by examining submitted evidence or otherwise. In one embodiment, the user 101 appears in person before the operator for the collection of the user data. In this case the user 101 presents his identity card and, if necessary, further trustworthy documents to prove his details, and an employee of the operator checks the identity card and any further evidence presented before the user data contained in the evidence are stored in the user database 107. User data that cannot be proven by identity cards, certificates or similar evidence can be checked in other ways. Addresses such as e-mail addresses or telephone numbers may be verified, for example, by contacting the user 101 via those addresses or telephone numbers, the user 101 then having to respond to the contact in a particular way for the check to be regarded as successful. In order to identify users 101 in the switching device 104, user identifiers are stored in the user database 107 for the registered users. These are entered by the users 101 at the request of the switching device 104, for example on a web page provided by the switching device 104. The user identifier used for identification may be a data element of the user data collected in the secure procedure, for example the name of the user. Preferably, however, it is an identifier specified by the user 101 in question or predetermined by the switching device 104, which is deposited in the user database 107 as additional information for the purpose of identifying the user to the switching device 104.

In particular in order to allow users 101 secure access to the switching device 104, the switching device 104 is additionally able to authenticate the users 101 registered in the user database 107. This is done on the basis of authentication information of the users 101, which may be stored together with the user data in the user database 107. The authentication information for a user 101 may include, for example, a user identifier and an associated secret password, which the user 101 enters for authentication on a web page provided by the switching device 104 or otherwise, or a digital certificate for checking a digital signature that the user 101 creates in order to authenticate to the switching device 104. Likewise, the authentication information may be, for example, data for checking a biometric feature of the user 101, such as a fingerprint, an iris pattern or a voice profile, the biometric feature being captured by the user computer 106 for user authentication and transmitted to the switching device 104 for checking.

Likewise, user data of users 101 can also be used for their authentication in the switching device 104, for example for authentication by means of a mobile TAN method, as illustrated schematically in FIG. 2.

To authenticate a user 101 by the mobile TAN method, the switching device 104 generates a transaction number (TAN) and transmits a message containing the transaction number to a mobile terminal 201 of the user 101 (steps 203a, 203b). For transmitting the message, a telephone number associated with the mobile terminal 201 and stored as part of the user data of the user 101 in the user database 107 is used. The TAN is an alphanumeric character string used only once (i.e. for exactly one authentication process), which is preferably generated randomly, i.e. by means of a random algorithm, in the switching device 104. The message with the TAN can, for example, be transmitted to the mobile terminal 201 of the user 101 via a mobile network 202 by means of SMS (Short Message Service) or another messaging service provided by the mobile network 202.

After receiving the message, the user 101 enters the TAN on a web page provided for this purpose by the switching device 104 (step 205), and the entered TAN is transmitted to the switching device 104. In the embodiment illustrated in FIG. 2, the user 101 accesses the web page by means of his user computer 106. After the message has been received, the TAN is displayed on the mobile terminal 201; to enter it on the web page, the user 101 reads the TAN from the mobile terminal 201 (step 204) and then enters it on the web page by means of the user computer 106. After the TAN entered by the user 101 has been transmitted to the switching device 104, the switching device 104 compares it with the TAN previously transmitted to the mobile terminal 201 of the user 101, which is stored in the switching device 104 for this purpose. If the two TANs match, the user authentication is successfully completed. If the TANs differ, the user authentication is considered to have failed. In the event of a failure, the mobile TAN method can be repeated with a new TAN, for example to give a user 101 who has mistyped the TAN on the web page the opportunity to authenticate successfully.

In order to generate a user account for accessing the service provided by the service server 102 via the switching device 104, the user 101 first requests the establishment of the user account at the switching device 104. For this purpose, the switching device 104 preferably gives the user, on the web platform it provides, the option of selecting the service server 102 or the desired service provided by the service server 102 from the services registered in the service database 105. One or more web pages of the web platform can be provided for this purpose, on which the registered services are displayed together with the description stored for each service. Alternatively or additionally, the user can be given the possibility on a web page of the web platform to specify the service directly, for example by means of a corresponding designation. In this way, the user 101 can easily request the opening of a user account at a service if he already knows that the service is registered in the switching device 104. He can obtain such information directly from the service server 102 or the service provider, for example.
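As an added example that is not part of the patent, the following Python sketch shows how the switching device 104 could implement the mobile TAN step described above: a random alphanumeric TAN is issued, sent to the telephone number stored for the user, and accepted exactly once. The TAN lifetime, the attempt limit, the class and field names and the in-memory stand-ins for the user database and the SMS gateway are assumptions of the example.

```python
import hmac
import secrets
import string
import time

# Assumptions of this example: the patent only says the TAN is random,
# alphanumeric and valid for exactly one authentication process.
TAN_ALPHABET = string.ascii_uppercase + string.digits
TAN_LENGTH = 8
TAN_LIFETIME_S = 300      # assumed lifetime of an outstanding TAN
MAX_ATTEMPTS = 3          # assumed cap on wrong entries per TAN

# Constructed stand-ins for the user database and the SMS gateway (mobile network 202).
USER_DB = {"user-101": {"phone": "+49-170-0000000"}}
SENT_MESSAGES = []


class TanStore:
    """Holds at most one outstanding TAN per user (steps 203a/203b, 205)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}  # user -> {"tan", "expires", "attempts"}

    def issue(self, user):
        """Generate a fresh single-use TAN and 'send' it to the stored telephone number."""
        tan = "".join(secrets.choice(TAN_ALPHABET) for _ in range(TAN_LENGTH))
        self._pending[user] = {"tan": tan, "expires": self._now() + TAN_LIFETIME_S, "attempts": 0}
        SENT_MESSAGES.append((USER_DB[user]["phone"], f"Your TAN: {tan}"))
        return tan  # returned only so a caller can simulate the user reading the phone

    def verify(self, user, entered):
        """Compare the entered TAN with the stored one.

        Returns True at most once per issued TAN; an expired TAN or too many
        wrong entries discards it, so the method has to be repeated with a new TAN.
        """
        rec = self._pending.get(user)
        if rec is None:
            return False
        rec["attempts"] += 1
        expired = self._now() > rec["expires"]
        # Constant-time comparison so response timing does not leak matching prefixes.
        ok = hmac.compare_digest(rec["tan"].encode(), entered.strip().upper().encode())
        if ok and not expired:
            del self._pending[user]      # single use: discard on success
            return True
        if expired or rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[user]      # discard on expiry or after too many tries
        return False
```

Because the stored TAN is removed on success, a replay of the same TAN later is rejected, and the switching device never stores more than one outstanding TAN per user.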

After the user 101 has selected or specified a service, the switching device 104 generates the user account by means of an interaction with the user 101 and the service server 102. In one embodiment, generating the user account requires the identification and authentication of the user 101 at the switching device 104 as well as the release of the opening of the user account by the user 101. The release may be performed by the user in a separate step by a corresponding user action, for example on a web page provided by the switching device 104. In a further embodiment, the release takes place implicitly through the input of the identification and/or authentication information by the user 101. In order to identify the user, in one embodiment the switching device 104, in response to the request to generate a user account for the selected service, asks the user 101 to specify the user identifier stored for the user 101 in the user database 107. The request is preferably contained in a web page provided by the switching device 104 which offers the user 101 the opportunity to enter the requested user identifier. This can be done in particular by means of a corresponding input field for the user identifier on the web page, the entered user identifier being transmitted to the switching device 104 upon a user action, for example the actuation of a corresponding button.

For the authentication of the user 101 at the switching device 104, a two-stage authentication method is provided in one embodiment. In this case, the user 101, together with the request to specify his user identifier, is asked to transmit authentication data for a first user authentication. This authentication data may be the secret password of the user 101 stored in the user database 107. The password can be entered in a further input field together with the user identifier on the same web page, the authentication data then being transmitted in the same step as the user identifier upon a corresponding user action. After successful verification of the authentication data, the user 101 reaches the first level of the two-level authentication.

After the transition to the first level of authentication, the switching device 104 may perform a further authentication of the user 101 in the second stage. The user authentication in the second stage preferably takes place in a different way than in the first stage; in particular, authentication data other than those of the first stage are used. The user authentication in the second stage is a process that includes a further data exchange between the user 101 and the switching device 104. Depending on the type of user authentication provided in the second stage, the communication takes place via further web pages provided by the switching device 104 and/or by means of messages exchanged between the user computer 106 and the switching device 104. In one embodiment, the user authentication in the second stage is performed by means of the mobile TAN method described above. Alternatively, the second-stage user authentication may be performed in other ways, for example by examining a biometric feature of the user 101, such as a fingerprint, the iris pattern or a voice profile, which is captured by the user computer 106 and sent to the switching device 104 for checking.

In a further embodiment, only a one-level user authentication is carried out in the switching device 104 and the second stage is dispensed with. Furthermore, an embodiment provides that the number of levels of user authentication is selected depending on the service that the user 101 wishes to access. In this case it can be specified, for each service registered in the service database 105 of the switching device 104, whether a one-level or a two-level user authentication is carried out in the switching device 104 when generating a user account for access to the service. This information can be supplied by the respective service providers. A one-level user authentication simplifies the authentication process for the user and thus increases user convenience. A two-level authentication can be selected if a higher level of security is required, for example if the use of the service is subject to a charge and the user agrees to pay for the service when the user account is opened.

Upon successful identification and authentication of the user 101 at the switching device 104, the switching device 104 initiates the opening of a user account by means of an interaction with the relevant service server 102. In particular, a request for opening a user account is sent from the switching device 104 to the service server 102. In one embodiment, user identification data are transmitted from the switching device 104 to the service server 102 together with the request. On the basis of the request from the switching device 104, the service server 102 generates a user account for the user in the user database 103 and stores in it the user identification data received together with the request.

In one embodiment, no further data of the user are stored in the user database 103. In this embodiment, the information that the service server 102 receives about the user is limited to the user identification data provided by the switching device 104. As will be shown below, the user identification data preferably contain no personal information about the user, so that anonymous use of the service by the user is possible. However, the operator of the switching device 104 preferably provides personal information to the service provider upon a reasoned inquiry if, for example, the service provider has a legitimate interest in receiving it. This may be the case, for example, if the user does not pay for a paid service.

In one embodiment, the user identification data comprise a user identifier which is uniquely assigned to the user 101 by the switching device 104 and can be generated in the switching device 104. This may be, for example, an alphanumeric string that is generated in a suitable manner in the switching device 104. In an alternative embodiment, the user identifier is specified by the user 101 at the request of the switching device 104. For specifying the user identifier, the switching device 104 can, for example, provide a web page containing an input field into which the user 101 enters the user identifier he has chosen. When the user identifier is entered by the user 101, the switching device 104 preferably ensures that the user identifier can be uniquely assigned to the user account to be opened. For this purpose, the switching device 104 checks whether an identical user identifier already exists for another user account. If this is the case, the switching device 104 asks the user 101 to change the user identifier he specified. In this case, the switching device 101 can also propose a unique user identifier.

Owing to the transmission of the user identifier to the switching device 104, the switching device 104 preferably stores the user identifier, with an indication of the service server 102 or the service, within the user data stored in its user database 107. As a result, the user is also registered for the service within the switching device 104. The user identifier may be regarded as a unique identifier of the relationship between the user 101 and the service server 102 that is established by opening the user account. On the basis of the user identifier, an anonymous user account for the user 101 can be set up in the service server 102, the contractual relationship between the service provider and the user 101 being safeguarded by the switching device 104. Optionally, at a corresponding request of the switching device 104, the user 101 can specify a further authentication feature, which the switching device 104 deposits in the user account when opening it. The authentication feature preferably corresponds to an authentication feature that would also be stored in the user account upon direct registration of a user at the service server 102 and can, as described above, be a secret password of the user. In one embodiment, the user 101 can use the authentication feature together with the user identifier to log in directly to the service server 102 after the user account has been opened by means of the switching device 104.

After a user account has been opened by means of the switching device 104, it can also be deleted again via the switching device 104. In one embodiment, this is done at the request of the user 101. The request may preferably be entered by the user 101 via a web page provided by the switching device 104. Preferably, the user account is deleted only after a successful authentication of the user 101 at the switching device 104, which is carried out on the basis of the user's request. The authentication can be one-level or two-level. On the basis of the request, the user identifier associated with the service server 102 or the service it provides is deleted, or marked for deletion, within the user data in the user database 107 of the switching device 104. Furthermore, the service server 102 is informed of the deletion request of the user 101. On the basis of this information, the service server 102 preferably then deletes the user account of the user 101.

In a further embodiment, the deletion of the user account can be carried out automatically by the switching device 104 at a predetermined time. The point in time can be specified by the user 101, for example when the user account is opened via the switching device 104 or at a later time. The deletion time can correspond, for example, to the end of a predetermined contract period for the use of the service provided by the service server 102. In the case of an automatic deletion, too, the user identifier associated with the service server 102 or the service it provides is deleted, or marked for deletion, within the user data in the user database 107 of the switching device 104. Furthermore, the service server 102 is informed of the deletion request, so that the user account in the service server 102 can be deleted.

For the login of the user 101 at the service server 102, various embodiments may be used. One embodiment provides for a direct login of the user at the service server 102. In this case, after the user account has been opened by the switching device 104, the user 101 specifies the user identifier stored in the user account and the authentication feature in response to a request from the service server 102, which is made, for example, on a web page provided by the service server 102 and called up by the user 101. The service server 102 compares the specified user identifier with the user identifier stored in the user account, and likewise compares the authentication feature entered by the user 101 with the authentication feature stored in the user account. If the inputs match the stored data, the service server 102 releases access to the service associated with the user account in one embodiment.
In a further embodiment, the service server 102 additionally checks, by a corresponding request to the switching device 104, whether the user 101 is registered in the switching device 104 for the use of the service provided by the service server 102. In this case, the service server 102 grants access to the service only if this has been confirmed by the switching device 104.

In a further refinement, after the user account has been opened, the user 101 accesses the service server 102 via the switching device 104. In this embodiment, the user 101, as described above, first logs on to the switching device 104 and indicates on a web page provided by it that he wants to access the service server 102. The login takes place by means of an identification and an authentication of the user 101 at the switching device 104, where the user authentication only needs to be carried out in one stage. After the successful identification and authentication of the user 101, the switching device 104 redirects the user 101 to a web page provided by the service server 102, via which the user 101 can access the service provided by the service server 102. The redirection can take place, in a manner known to the person skilled in the art, by means of a so-called link, which contains the web address of the web page of the service server 102 and is called up by the user on a web page of the switching device 104. The web page of the service server 102 or its web address is preferably stored in the service database 105 of the switching device 104 in association with the service server 102 or the service it provides.
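The account life cycle described above (opening through the switching device with a generated or user-chosen identifier and a uniqueness check, a service-side account that stores nothing but the identification data, the deletion mark in the switching device's user database, and the direct login at the service server) is shown below as an added Python example. It is not code from the patent; the class names, the in-memory databases and the choice of a salted PBKDF2 hash for the stored password are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import string

IDENT_ALPHABET = string.ascii_letters + string.digits


def hash_secret(secret, salt=None):
    """Salted PBKDF2 hash of the authentication feature (the patent only says 'secret password')."""
    salt = salt or secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def check_secret(secret, stored):
    return hmac.compare_digest(hash_secret(secret, stored[:16]), stored)


class ServiceServer:
    """Service server 102: its user database 103 holds only what the switching device sent."""

    def __init__(self):
        self.accounts = {}  # user identifier -> hashed authentication feature or None

    def create_account(self, ident, auth_feature=None):
        """Handles the account-opening request from the switching device."""
        if ident in self.accounts:
            raise ValueError("identifier already in use at the service")
        self.accounts[ident] = hash_secret(auth_feature) if auth_feature else None

    def direct_login(self, ident, auth_feature):
        """Direct login: identifier and authentication feature are compared with the account."""
        stored = self.accounts.get(ident)
        return stored is not None and check_secret(auth_feature, stored)

    def delete_account(self, ident):
        self.accounts.pop(ident, None)


class SwitchingDevice:
    """Switching device 104 with service database 105 and user database 107 (constructed, in memory)."""

    def __init__(self, services):
        self.services = services  # service id -> ServiceServer
        self.users = {}           # user -> {service id: {"ident", "deleted"}}

    def register_user(self, user):
        self.users[user] = {}

    def _taken(self, service_id, ident):
        return any(regs.get(service_id, {}).get("ident") == ident for regs in self.users.values())

    def propose_identifier(self, service_id, length=16):
        """Random alphanumeric identifier that no other account at this service uses."""
        while True:
            ident = "".join(secrets.choice(IDENT_ALPHABET) for _ in range(length))
            if not self._taken(service_id, ident):
                return ident

    def open_account(self, user, service_id, chosen_ident=None, auth_feature=None):
        """Called only after the user was identified and authenticated at the switching device."""
        ident = chosen_ident or self.propose_identifier(service_id)
        if self._taken(service_id, ident):
            # the user is asked to change the identifier; a unique proposal is offered
            raise ValueError("identifier taken; proposal: " + self.propose_identifier(service_id))
        self.services[service_id].create_account(ident, auth_feature)  # request to server 102
        self.users[user][service_id] = {"ident": ident, "deleted": False}
        return ident

    def is_registered(self, service_id, ident):
        """Lookup behind the confirmation message sent to a service server."""
        return any(r.get(service_id) == {"ident": ident, "deleted": False} for r in self.users.values())

    def delete_account(self, user, service_id):
        """Set the deletion mark in database 107, then inform the service server."""
        reg = self.users[user].get(service_id)
        if reg is None:
            return False
        reg["deleted"] = True
        self.services[service_id].delete_account(reg["ident"])
        return True
```

The identifier carries no personal data, and the service server's only record of the user is the identifier plus, optionally, the hashed authentication feature; the link between the identifier and the real person exists only in the switching device's user database.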

Upon redirecting the user to the service server 102, the switching device 104 sends to the service server 102 the user identifier that was deposited in the service server 102 when the user account was opened. In one embodiment, the user identifier may be a parameter within the web address of the web page to which the switching device 104 redirects the user. In particular, the user identifier can be contained as a parameter in a so-called query string of the web address, which is transferred from the web browser of the user 101 to the service server 102 when the web page specified by the web address is called up. Alternatively, the user identifier may also be sent in a separate message from the switching device 104 to the service server 102. Using the user identifier, the service server 102 identifies the user 101 and grants access to the service provided via the user's account. Together with the user identifier, an authentication feature of the switching device 104, such as a digital signature, is preferably transmitted from the switching device 104 to the service server 102 and checked by the service server 102. In this way, the authenticity of the user identifier can be ensured. Entry of a further authentication feature by the user, such as the secret password, is not required in this embodiment, but it can of course be additionally provided.

In a further embodiment, the user 101 logs on directly to the service server 102, preferably on a web page provided by the service server 102, to access the service provided by the service server 102. At login, the user 101 specifies the user identifier previously deposited by the switching device 104 in the user account of the user 101 in the service server 102. The user identifier can be entered via a corresponding input field of the web page provided by the service server 102.
In addition, it can be provided that the user indicates his authentication feature and the service server 102 checks it, so that the login at the service server 102 initially takes place in the same way as described above. After the user has entered his user identifier and the user's authentication feature has, where provided, been checked, the service server 102 transmits the user identifier to the switching device 104 for checking. Together with the user identifier, identification and authentication information of the service server 102 is preferably sent to the switching device 104, which the switching device 104 uses to identify and authenticate the service server 102. Upon successful identification and authentication of the service server 102, the switching device 104 checks whether the user 101 is registered under the received user identifier for accessing the service provided by the service server 102. If so, the switching device 104 sends a confirmation message to the service server 102. Upon receiving the confirmation message, the service server 102 then enables the user 101 to access the service. The confirmation message preferably contains an authentication feature of the switching device 104, for example a digital signature, which is checked by the service server 102, the release being possible only after a successful check of the authentication feature. On the basis of the confirmation message, the service server 102 can see that the user is (still) registered in the switching device 104 for the use of the service. In the embodiment described above, it may optionally also be provided that the user 101 is authenticated by the switching device 104 after the switching device 104 has received the user identifier from the service server 102. This is expedient in particular if no authentication of the user by means of an authentication feature is carried out in the service server 102.
The authentication of the user in the switching device takes place in the manner already described above, in a one- or two-stage method. When user authentication is provided in the switching device 104, the confirmation message sent from the switching device 104 to the service server 102 additionally includes an indication of the result of the authentication. Access to the service is granted by the service server 102 in dependence on the result of the authentication contained in the confirmation message. Preferably, the release takes place only after a successful authentication of the user.

If the use of the service provided by the service server 102 obliges the user 101 to pay fees, the fee payment can be made via the switching device 104. In the case of regularly recurring costs, such as basic fees that are to be paid in predetermined billing periods, billing can be carried out automatically by the switching device 104. The amount of the fees and the billing times can be stored for the service in the service database 105 of the switching device 104. The consent to the execution of the billing can be given by the user 101 to the switching device 104 already in connection with the establishment of the user account. If, when the service is used via the web platform of the service server 102, a fee becomes due because of a specific user action, this fee can also be billed via the switching device 104. As a result, the user 101 does not need to provide the data required for billing, such as bank data, to the service server 102. To perform the payment process, the user 101 is redirected from the service server 102 to the switching device 104 in one embodiment. In one embodiment, the redirection takes place by providing a link on a web page provided by the service server 102, which can be called up by the user 101. The link directs the user 101 to a specific web page of the switching device 104 for performing the payment process.

In connection with the redirection, the user identifier assigned to the user 101 is transferred from the service server 102 to the switching device 104. On the basis of the user identifier, the switching device 104 identifies the user for whom the payment transaction is being carried out. Furthermore, the amount to be billed is preferably transferred from the service server 102 to the switching device 104. Along with these details, identification and authentication information of the service server 102 is preferably sent to the switching device 104, which the switching device 104 uses to identify and authenticate the service server 102. The payment process is carried out by the switching device only after successful identification and authentication of the service server 102.

The transfer of the above-mentioned information from the service server 102 to the switching device 104 can take place, for example, by inserting the data as parameters into the web address contained in the link. In particular, the details can, as already explained above, be contained in a query string of the web address, which is transferred to the switching device 104 when the web page is called up. Alternatively, the information can also be transmitted from the service server 102 to the switching device 104 in a separate message.

After the user has been redirected to the switching device 104 and the service server 102 has been successfully identified and authenticated, the switching device 104 performs the user authentication. In one embodiment, a two-stage authentication is carried out in the manner described above. However, only a one-level user authentication may also be provided. Furthermore, it can be provided that the number of stages is specified by the service server 102. The specification may be communicated from the service server 102 to the switching device 104 together with the user identifier and the amount to be billed, the switching device 104 recognizing the specification and performing the user authentication accordingly. After the successful authentication of the user and, if necessary, after the user has consented to the payment process, the payment process is carried out by the switching device 104. This is done by means of an online payment method known per se to the person skilled in the art, for example by means of the credit card of the user 101, whose data are collected by the switching device 104 for this purpose or are already stored for the user 101 in the user database 107.

Upon successful completion of the payment process, the user is redirected from the switching device 104 to the service server 102 so that he can continue to use the service of the service server 102. The redirection is made to a web page whose web address was previously passed as a parameter from the service server 102, or is stored permanently for the service server 102 in the service database 105 of the switching device 104. For the redirection, the switching device 104 can in turn provide a link containing the web address, which the user 101 calls up via his web browser to return to the service server 102. In connection with the redirection, the switching device 104 additionally transmits a confirmation of payment to the service server 102. Again, the confirmation may be provided as a parameter of the web address used for the redirection or may be sent as a separate message. The confirmation is in turn linked with an authentication feature, which can be checked in the service server 102.
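The three signed exchanges described above (the redirect from the switching device to the service server with the user identifier in the query string, the registration check in which the service server sends the identifier back and receives a confirmation message, and the payment redirect with the amount followed by the payment confirmation) share one need: every parameter set must be bound to its sender, fresh, and usable only once. The following Python example, added here and not taken from the patent, implements all three with a single sign/verify helper. The patent speaks of a digital signature as the switching device's authentication feature and of identification and authentication information of the service server; this example substitutes an HMAC over the sorted parameters for both, and the keys, service record, registration table, 300-second freshness window and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed keys and records standing in for the service database 105 and user database 107.
SWITCH_KEY = b"demo-switch-key"
SERVICE_DB = {"svc-42": {"key": b"demo-service-42-key",
                         "url": "https://service.example/entry", "auth_stages": 2}}
REGISTRATIONS = {("svc-42", "u-7f3a")}   # (service id, user identifier) pairs registered at the switch
MAX_AGE_S = 300                          # assumed freshness window for a signed parameter set


def _mac(key, params):
    canon = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "sig")
    return hmac.new(key, canon.encode(), hashlib.sha256).hexdigest()


def sign(key, params, now=None):
    """Stringify the parameters, add timestamp and one-time nonce, and attach the MAC."""
    p = {k: str(v) for k, v in params.items()}
    p["ts"], p["nonce"] = str(int(now or time.time())), secrets.token_hex(8)
    p["sig"] = _mac(key, p)
    return p


def verify(key, params, seen, now=None):
    """MAC, freshness and replay check; `seen` is the receiver's cache of accepted nonces."""
    if not hmac.compare_digest(params.get("sig", ""), _mac(key, params)):
        return False
    if abs((now or time.time()) - int(params["ts"])) > MAX_AGE_S or params["nonce"] in seen:
        return False
    seen.add(params["nonce"])
    return True


# Access via the switching device: signed redirect carrying the user identifier.
def switch_redirect_url(service_id, ident, now=None):
    params = sign(SWITCH_KEY, {"svc": service_id, "uid": ident}, now)
    return SERVICE_DB[service_id]["url"] + "?" + urlencode(params)


def service_accept_redirect(url, service_id, seen, now=None):
    """Service server side: the identifier to grant access to, or None."""
    params = dict(parse_qsl(urlsplit(url).query))
    if params.get("svc") != service_id or not verify(SWITCH_KEY, params, seen, now):
        return None
    return params["uid"]


# Direct login: the service server asks whether the identifier is (still) registered.
def switch_confirm_registration(request, seen, user_auth_ok=None, now=None):
    """Switching device side; `user_auth_ok` is the optional result of authenticating the user here."""
    svc = SERVICE_DB.get(request.get("svc"))
    if svc is None or not verify(svc["key"], request, seen, now):
        return None                      # service server not authenticated: no confirmation
    reply = {"svc": request["svc"], "uid": request["uid"],
             "registered": int((request["svc"], request["uid"]) in REGISTRATIONS)}
    if user_auth_ok is not None:
        reply["user_auth"] = int(user_auth_ok)
    return sign(SWITCH_KEY, reply, now)


def service_grant_access(reply, service_id, ident, seen, now=None):
    return bool(reply and verify(SWITCH_KEY, reply, seen, now) and reply["svc"] == service_id
                and reply["uid"] == ident and reply["registered"] == "1"
                and reply.get("user_auth", "1") == "1")


# Payment: the service server sends identifier, amount and its stage requirement to the switch.
def service_payment_request(service_id, ident, amount_cents, now=None):
    svc = SERVICE_DB[service_id]
    return sign(svc["key"], {"svc": service_id, "uid": ident, "amount": amount_cents,
                             "stages": svc["auth_stages"]}, now)


def switch_handle_payment(request, seen, authenticate_user, now=None):
    """`authenticate_user(ident, stages)` stands for the one- or two-stage user authentication."""
    svc = SERVICE_DB.get(request.get("svc"))
    if svc is None or not verify(svc["key"], request, seen, now):
        return None
    if (request["svc"], request["uid"]) not in REGISTRATIONS:
        return None
    if not authenticate_user(request["uid"], int(request["stages"])):
        return None
    # The online payment method itself (card data from database 107) would run here.
    return sign(SWITCH_KEY, {"svc": request["svc"], "uid": request["uid"],
                             "amount": request["amount"], "paid": 1}, now)


def service_accept_payment(confirmation, service_id, ident, amount_cents, seen, now=None):
    return bool(confirmation and verify(SWITCH_KEY, confirmation, seen, now)
                and confirmation["svc"] == service_id and confirmation["uid"] == ident
                and confirmation["amount"] == str(amount_cents) and confirmation["paid"] == "1")
```

Each receiver keeps its own nonce cache, so a captured redirect URL or confirmation cannot be presented a second time, and the amount and identifier are covered by the MAC, so the service server accepts a payment confirmation only for the exact transaction it requested.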

On the basis of the performed payment process, the amount incurred for the use of the service is settled between the switching device 104 or its operator and the service provider; the amount is forwarded to the service provider by the operator in a suitable manner known to the person skilled in the art. Thus, the switching device 104 also acts as a provider of a payment service for the service provider. In this way, it is avoided that payment data, such as credit card and/or account data of the user 101, must be transferred to the service server 102.

Although the invention has been illustrated and described in detail in the drawings and the foregoing description, such illustration and description are to be considered illustrative or exemplary and not restrictive. In particular, the invention is not limited to the illustrated embodiments. Other variants of the invention and their implementation will become apparent to those skilled in the art from the foregoing disclosure, the drawings and the claims.

Terms used in the claims, such as "comprising," "including," "containing," and the like, do not exclude other elements or steps. The use of the indefinite article does not exclude a plurality. A single device can perform the functions of several units or devices mentioned in the claims. Reference signs indicated in the claims should not be regarded as limitations on the means and steps employed.

Reference numerals

101 user
102 service server
103 user database
104 switching device
105 service database
106 user computer
107 user database
201 mobile terminal
202 mobile network
203a, 203b, 204-206 steps

Claims

1. A method for providing user identification data for generating a user account of a user in a service server which provides an electronic service by means of the user account, the user account containing the user identification data, wherein the user is registered in a switching device and, on the basis of the registration of the user, the switching device transmits a request for generating the user account and the user identification data to the service server such that the service server generates the user account using the user identification data.
2. The method according to claim 1, wherein the user identification data comprise a user identifier automatically generated by the switching device and/or a user identifier specified by the user.
3. The method according to claim 1 or 2, wherein the user identification data comprise an authentication feature specified by the user, in particular a secret password.
4. The method according to any one of the preceding claims, wherein, after the generation of the user account, access to the service takes place on the basis of the user identification data.
5. The method according to claim 4, wherein the user identification data are transmitted from the user to the service server in order to access the service.
6. The method according to claim 5, wherein the service server compares the transmitted user identification data with the user identification data stored in the user account and, after a successful comparison, allows access to the service.
7. The method according to claim 5, wherein the service server transmits the transmitted user identification data to the switching device for checking and releases access of the user to the service upon receipt of a confirmation message from the switching device about a successful check of the user identification data.
8. The method according to claim 4, wherein the user identification data are transmitted from the switching device to the service server on the basis of a corresponding request from the user.
9. The method according to claim 8, wherein the switching device provides a web page on which the request can be made.
10. The method according to claim 8 or 9, wherein the user identification data are transmitted together with an authentication feature of the switching device to the service server, wherein the service server releases access to the service after successful verification of the authentication feature.
11. The method according to any one of the preceding claims, wherein the switching device performs an authentication of the user, and the user identification data are transmitted to the service server only upon a successful authentication of the user.
12. The method according to any one of the preceding claims, wherein the switching device performs a payment process for the user on the basis of a billing request of the service server.
13. The method according to claim 12, wherein the user is redirected from the service server to the switching device in order to perform the payment transaction.
14. A computer program with instructions for performing a method according to any one of the preceding claims by means of a processor device when the computer program is executed on the processor device.
15. A switching device for providing user identification data for generating a user account of a user in a service server which provides an electronic service by means of the user account, the user account containing the user identification data, wherein the switching device contains a registration of the user and is configured to transmit, on the basis of the registration of the user, a request for generating the user account and the user identification data to the service server, such that the service server generates the user account using the user identification data.
PCT/EP2013/057098 2012-04-11 2013-04-04 Secure generation of a user account in a service server WO2013152986A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
DE102012205904.0 2012-04-11
DE201210205904 DE102012205904A1 (en) 2012-04-11 2012-04-11 Secure generation of a user account in a service server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US14/391,907 US20150066766A1 (en) 2012-04-11 2013-04-04 Secure Generation of a User Account in a Service Server

Publications (1)

Publication Number Publication Date
WO2013152986A1 true WO2013152986A1 (en) 2013-10-17

Family

ID=48087560

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2013/057098 WO2013152986A1 (en) 2012-04-11 2013-04-04 Secure generation of a user account in a service server

Country Status (3)

Country Link
US (1) US20150066766A1 (en)
DE (1) DE102012205904A1 (en)
WO (1) WO2013152986A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9426156B2 (en) * 2013-11-19 2016-08-23 Care Innovations, Llc System and method for facilitating federated user provisioning through a cloud-based system
CN106209730A (en) * 2015-04-30 2016-12-07 华为技术有限公司 A kind of method and device managing application identities
EP3147834A1 (en) * 2015-09-28 2017-03-29 Deutsche Telekom AG Method for anonymous use of services on a network
US10158982B2 (en) * 2017-04-25 2018-12-18 Vmware, Inc. Message-based management service enrollment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000025241A2 (en) * 1998-10-28 2000-05-04 Ubizen, Naamloze Vennootschap Method for supplying services via at least one network and network architecture and management centre used thereby
WO2003049000A1 (en) * 2001-12-04 2003-06-12 Sun Microsystems, Inc. Distributed network identity
EP1437670A1 (en) * 2003-01-09 2004-07-14 Siemens Aktiengesellschaft System and method for payment of services in networks using single sign-on procedure
US20060021019A1 (en) * 2004-07-21 2006-01-26 International Business Machines Corporation Method and system for federated provisioning
WO2006061326A1 (en) * 2004-12-10 2006-06-15 International Business Machines Corporation Method and system for secure binding register name identifier profile
WO2008034841A2 (en) * 2006-09-20 2008-03-27 SIEMENS AKTIENGESELLSCHAFT öSTERREICH Method for controlling access and access control system for digital contents
US20120023565A1 (en) * 2010-04-28 2012-01-26 Tumanyan Hovhannes Systems and methods for system login and single sign-on

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1995016971A1 (en) * 1993-12-16 1995-06-22 Open Market, Inc. Digital active advertising
JP3361661B2 (en) * 1995-09-08 2003-01-07 株式会社キャディックス Authentication method on the network
US6636833B1 (en) * 1998-03-25 2003-10-21 Obis Patents Ltd. Credit card system and method
MXPA01004945A (en) * 1998-11-17 2003-03-10 Prenet Corp Electronic payment system utilizing intermediary account.
EP1569405A1 (en) * 2004-02-27 2005-08-31 Telefonaktiebolaget LM Ericsson (publ) Technique for creation and linking of communications network user accounts
US8285640B2 (en) * 2008-07-23 2012-10-09 Ebay, Inc. System and methods for facilitating fund transfers over a network

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"CHARGING, BILLING AND PAYMENT VIEWS ON 3G BUSINESS MODELS", UMTS FORUM REPORT, XX, XX, No. 21, 1 January 2002 (2002-01-01), pages I-IV,01, XP001180570, *
LANDAU S: "Liberty ID-WSF Security and Privacy Overview", INTERNET CITATION, 29 November 2004 (2004-11-29), XP002308069, Retrieved from the Internet: URL:http://www.projectliberty.org/specs/liberty-idwsf-security-privacy-overview-v1.0.pdf [retrieved on 2004-11-29] *
None

Also Published As

Publication number Publication date
US20150066766A1 (en) 2015-03-05
DE102012205904A1 (en) 2013-10-17

Similar Documents

Publication Publication Date Title
US8555355B2 (en) Mobile pin pad
DE102008000067B4 (en) Method for reading attributes from an ID token
US9596237B2 (en) System and method for initiating transactions on a mobile device
RU2438172C2 (en) Method and system for performing two-factor authentication in mail order and telephone order transactions
ES2319722T3 (en) Telepago procedure and system for the practice of this procedure.
ES2714377T3 (en) Network security and fraud detection procedure
US9130931B2 (en) Method for reading an attribute from an ID token
AU2007281028B2 (en) Transaction authorisation system and method
US8180686B2 (en) Multi-step authentication-based electronic payment method using mobile terminal
AU2011342282B2 (en) Authenticating transactions using a mobile device identifier
CN101919219B (en) Method and apparatus for preventing phishing attacks
JP5585969B2 (en) Method, program and computer system for reading attribute from ID token
JP4960883B2 (en) Authentication device and / or method
US8627437B2 (en) Method for reading attributes from an ID token
EP1922632B1 (en) Extended one-time password method and apparatus
US9911146B2 (en) Method and system for providing online authentication utilizing biometric data
US7627895B2 (en) Trust tokens
AU2005318933B2 (en) Authentication device and/or method
US20060179007A1 (en) Centralized electronic commerce card transactions
EP2314046B1 (en) Credential management system and method
US20040010472A1 (en) System and method for verifying information
JP2005531823A (en) Controlling user access to resources distributed over a data communications network
US20110047605A1 (en) System And Method For Authenticating A User To A Computer System
US20030046237A1 (en) Method and system for enabling the issuance of biometrically secured online credit or other online payment transactions without tokens
JP2005508040A (en) Improving the quality of identity verification in data communication networks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 13715659; Country of ref document: EP; Kind code of ref document: A1
WWE Wipo information: entry into national phase
Ref document number: 14391907; Country of ref document: US
122 Ep: pct application non-entry in european phase
Ref document number: 13715659; Country of ref document: EP; Kind code of ref document: A1